From 47aa9ed82f67758c3b4d9ab46dd8dd65508a10eb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 18 Oct 2011 18:10:00 +0200 Subject: [PATCH] lib/util: skip single hex digit at the end of the input sting - fix potential segfault The second of two digits was read without checking for the length of the input string. For a non-zero-terminated input string, this might have caused a segfault. Autobuild-User: Michael Adam Autobuild-Date: Tue Oct 18 22:32:59 CEST 2011 on sn-devel-104 --- lib/util/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/util/util.c b/lib/util/util.c index 67ac6938a4c..133bd0dfb0b 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -694,6 +694,7 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c) * - "0xnn" or "0Xnn" is specially catered for. * - The first non-hex-digit character (apart from possibly leading "0x" * finishes the conversion and skips the rest of the input. + * - A single hex-digit character at the end of the string is skipped. * * valid examples: "0A5D15"; "0x123456" */ @@ -710,7 +711,7 @@ _PUBLIC_ size_t strhex_to_str(char *p, size_t p_len, const char *strhex, size_t i += 2; /* skip two chars */ } - for (; i < strhex_len && strhex[i] != 0; i++) { + for (; i+1 < strhex_len && strhex[i] != 0 && strhex[i+1] != 0; i++) { p1 = strchr(hexchars, toupper((unsigned char)strhex[i])); if (p1 == NULL) { break; -- 2.34.1